How to set the session timeout of the administrator console in FortiGate?

Vulnerability:

Session timeout was not set in the FortiGate admin console.

Description:

The session timeout setting is used to determine whether an administrative or user session is no longer being used, enabling a device to determine when a session can be automatically disconnected. A session could become unused if an administrator has not properly terminated it and remains authenticated, or if they leave their computer unattended without terminating their session.

Impact:

An attacker could access a system using an authenticated session that is no longer being used. The attacker would then be able to perform information gathering, configuration changes and other malicious activities under the context of the previously authenticated user. Due to the nature of the access, this could be an administrative level of access.

Solutions:

I recommend that a timeout period of 10 minutes be configured for all sessions.

The administration connection timeout on Fortinet FortiGate Firewall with UTM FG200B devices can be configured using the following commands:

I performed the commands below, where minutes is the timeout value in minutes:

 config system global
     set admintimeout minutes
 end
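To check the setting after the change, the following added example (not part of the original post) reads a FortiGate configuration backup as text and reports whether admintimeout in config system global is within the 10 minutes recommended above. The function names and the sample backup are constructed for illustration, and a missing setting is reported as a failure, matching the finding described in this post.

```python
import re

MAX_MINUTES = 10  # the timeout period recommended in this post

# Constructed sample in the style of a FortiGate configuration backup.
SAMPLE_BACKUP = """\
config system global
    set admintimeout 480
    set hostname "FGT-LAB"
end
config system interface
    edit "port1"
        set allowaccess https ssh
    next
end
"""

def find_admintimeout(config_text):
    """Return admintimeout in minutes from 'config system global', or None."""
    stack = []  # names of the config blocks that are currently open
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):].strip())
        elif line == "end":
            if stack:
                stack.pop()
        elif stack and stack[-1] == "system global":
            # Only a 'set' line directly inside the global block counts.
            m = re.fullmatch(r"set admintimeout (\d+)", line)
            if m:
                return int(m.group(1))
    return None

def audit_admintimeout(config_text, max_minutes=MAX_MINUTES):
    """Return (status, detail) for the admin session timeout."""
    value = find_admintimeout(config_text)
    if value is None:
        return ("FAIL", "admintimeout is not set in config system global")
    if value > max_minutes:
        return ("FAIL", f"admintimeout is {value} minutes, above {max_minutes}")
    return ("PASS", f"admintimeout is {value} minutes")

if __name__ == "__main__":
    status, detail = audit_admintimeout(SAMPLE_BACKUP)
    print(status, detail)
```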

 

 
